Interface CryptoBackend

globalBlacklistUnverifiedDevices

bootstrapCrossSigning

• bootstrapCrossSigning(opts): Promise<void>

• Bootstrap cross-signing by creating keys if needed.

  If everything is already set up, then no changes are made, so this is safe to run to ensure cross-signing is ready for use.

  This function:

  • creates new cross-signing keys if they are not found locally cached nor in secret storage (if it has been set up)
  • publishes the public keys to the server if they are not already published
  • stores the private keys in secret storage if secret storage is set up.

  Parameters

  • opts: BootstrapCrossSigningOpts

    options object

  Returns Promise<void>

bootstrapSecretStorage

• bootstrapSecretStorage(opts): Promise<void>

• Bootstrap the secret storage by creating a new secret storage key, add it in the secret storage and store the cross signing keys in the secret storage.

  • Generate a new key GeneratedSecretStorageKey with createSecretStorageKey. Only if setupNewSecretStorage is set or if there is no AES key in the secret storage
  • Store this key in the secret storage and set it as the default key.
  • Call cryptoCallbacks.cacheSecretStorageKey if provided.
  • Store the cross signing keys in the secret storage if
    • the cross signing is ready
    • a new key was created during the previous step
    • or the secret storage already contains the cross signing keys

  Parameters

  • opts: CreateSecretStorageOpts

    Options object.

  Returns Promise<void>

createRecoveryKeyFromPassphrase

• createRecoveryKeyFromPassphrase(password?): Promise<GeneratedSecretStorageKey>

• Create a recovery key (ie, a key suitable for use with server-side secret storage).

  The key can either be based on a user-supplied passphrase, or just created randomly.

  Parameters

  • Optional password: string

    Optional passphrase string to use to derive the key, which can later be entered by the user as an alternative to entering the recovery key itself. If omitted, a key is generated randomly.

  Returns Promise<GeneratedSecretStorageKey>

  Object including recovery key and server upload parameters. The private key should be disposed of after displaying to the use.

exportRoomKeys

• exportRoomKeys(): Promise<IMegolmSessionData[]>

• Get a list containing all of the room keys

  This should be encrypted before returning it to the user.

  Returns Promise<IMegolmSessionData[]>

  a promise which resolves to a list of session export objects

findVerificationRequestDMInProgress

• findVerificationRequestDMInProgress(roomId): undefined | Crypto.VerificationRequest

• Finds a DM verification request that is already in progress for the given room id

  Parameters

  • roomId: string

    the room to use for verification

  Returns undefined | Crypto.VerificationRequest

  the VerificationRequest that is in progress, if any

forceDiscardSession

• forceDiscardSession(roomId): Promise<void>

• Discard any existing megolm session for the given room.

  This will ensure that a new session is created on the next call to prepareToEncrypt, or the next time a message is sent.

  This should not normally be necessary: it should only be used as a debugging tool if there has been a problem with encryption.

  Parameters

  • roomId: string

    the room to discard sessions for

  Returns Promise<void>

getCrossSigningKeyId

• getCrossSigningKeyId(type?): Promise<null | string>

• Get the ID of one of the user's cross-signing keys.

  Parameters

  • Optional type: CrossSigningKey

    The type of key to get the ID of. One of CrossSigningKey.Master, CrossSigningKey.SelfSigning, or CrossSigningKey.UserSigning. Defaults to CrossSigningKey.Master.

  Returns Promise<null | string>

  If cross-signing has been initialised on this device, the ID of the given key. Otherwise, null

getCrossSigningStatus

• getCrossSigningStatus(): Promise<CrossSigningStatus>

• Get the status of our cross-signing keys.

  Returns Promise<CrossSigningStatus>

  The current status of cross-signing keys: whether we have public and private keys cached locally, and whether the private keys are in secret storage.

getDeviceVerificationStatus

• getDeviceVerificationStatus(userId, deviceId): Promise<null | DeviceVerificationStatus>

• Get the verification status of a given device.

  Parameters

  • userId: string

    The ID of the user whose device is to be checked.

  • deviceId: string

    The ID of the device to check

  Returns Promise<null | DeviceVerificationStatus>

  null if the device is unknown, or has not published any encryption keys (implying it does not support encryption); otherwise the verification status of the device.

getTrustCrossSignedDevices

• getTrustCrossSignedDevices(): boolean

• Return whether we trust other user's signatures of their devices.

  Returns boolean

  true if we trust cross-signed devices, otherwise false.

  See

  setTrustCrossSignedDevices

getUserDeviceInfo

• getUserDeviceInfo(userIds, downloadUncached?): Promise<DeviceMap>

• Get the device information for the given list of users.

  For any users whose device lists are cached (due to sharing an encrypted room with the user), the cached device data is returned.

  If there are uncached users, and the downloadUncached parameter is set to true, a /keys/query request is made to the server to retrieve these devices.

  Parameters

  • userIds: string[]

    The users to fetch.

  • Optional downloadUncached: boolean

    If true, download the device list for users whose device list we are not currently tracking. Defaults to false, in which case such users will not appear at all in the result map.

  Returns Promise<DeviceMap>

  A map {@link DeviceMap}.

getVerificationRequestsToDeviceInProgress

• getVerificationRequestsToDeviceInProgress(userId): Crypto.VerificationRequest[]

• Returns to-device verification requests that are already in progress for the given user id.

  Parameters

  • userId: string

    the ID of the user to query

  Returns Crypto.VerificationRequest[]

  the VerificationRequests that are in progress

importRoomKeys

• importRoomKeys(keys, opts?): Promise<void>

• Import a list of room keys previously exported by exportRoomKeys

  Parameters

  • keys: IMegolmSessionData[]

    a list of session export objects

  • Optional opts: ImportRoomKeysOpts

    options object

  Returns Promise<void>

  a promise which resolves once the keys have been imported

isCrossSigningReady

• isCrossSigningReady(): Promise<boolean>

• Checks whether cross signing:

  • is enabled on this account and trusted by this device
  • has private keys either cached locally or stored in secret storage

  If this function returns false, bootstrapCrossSigning() can be used to fix things such that it returns true. That is to say, after bootstrapCrossSigning() completes successfully, this function should return true.

  Returns Promise<boolean>

  True if cross-signing is ready to be used on this device

isSecretStorageReady

• isSecretStorageReady(): Promise<boolean>

• Checks whether secret storage:

  • is enabled on this account
  • is storing cross-signing private keys
  • is storing session backup key (if enabled)

  If this function returns false, bootstrapSecretStorage() can be used to fix things such that it returns true. That is to say, after bootstrapSecretStorage() completes successfully, this function should return true.

  Returns Promise<boolean>

  True if secret storage is ready to be used on this device

onCryptoEvent

• onCryptoEvent(room, event): Promise<void>

• Called by the /sync loop whenever an m.room.encryption event is received.

  This is called before RoomStateEvents are emitted for any of the events in the /sync response (even if the other events technically happened first). This works around a problem if the client uses a RoomStateEvent (typically a membership event) as a trigger to send a message in a new room (or one where encryption has been newly enabled): that would otherwise leave the crypto layer confused because it expects crypto to be set up, but it has not yet been.

  Parameters

  • room: Room

    in which the event was received

  • event: MatrixEvent

    encryption event to be processed

  Returns Promise<void>

onSyncCompleted

• onSyncCompleted(syncState): void

• Called by the /sync loop after each /sync response is processed.

  Used to complete batch processing, or to initiate background processes

  Parameters

  • syncState: OnSyncCompletedData

    information about the completed sync.

  Returns void

prepareToEncrypt

• prepareToEncrypt(room): void

• Perform any background tasks that can be done before a message is ready to send, in order to speed up sending of the message.

  Parameters

  • room: Room

    the room the event is in

  Returns void

preprocessToDeviceMessages

• preprocessToDeviceMessages(events): Promise<IToDeviceEvent[]>

• Called by the /sync loop whenever there are incoming to-device messages.

  The implementation may preprocess the received messages (eg, decrypt them) and return an updated list of messages for dispatch to the rest of the system.

  Note that, unlike ToDeviceEvent events, this is called on the raw to-device messages, rather than the results of any decryption attempts.

  Parameters

  • events: IToDeviceEvent[]

    the received to-device messages

  Returns Promise<IToDeviceEvent[]>

  A list of preprocessed to-device messages.

processDeviceLists

• processDeviceLists(deviceLists): Promise<void>

• Handle the notification from /sync that device lists have been changed.

  Parameters

  • deviceLists: IDeviceLists

    device_lists field from /sync

  Returns Promise<void>

processKeyCounts

• processKeyCounts(oneTimeKeysCounts?, unusedFallbackKeys?): Promise<void>

• Called by the /sync loop when one time key counts and unused fallback key details are received.

  Parameters

  • Optional oneTimeKeysCounts: Record<string, number>

    the received one time key counts

  • Optional unusedFallbackKeys: string[]

    the received unused fallback keys

  Returns Promise<void>

requestDeviceVerification

• requestDeviceVerification(userId, deviceId): Promise<Crypto.VerificationRequest>

• Request an interactive verification with the given device.

  This is normally used on one of our own devices, when the current device is already cross-signed, and we want to validate another device.

  If a verification for this user/device is already in flight, returns it. Otherwise, initiates a new one.

  To control the methods offered, set verificationMethods when creating the MatrixClient.

  Parameters

  • userId: string

    ID of the owner of the device to verify

  • deviceId: string

    ID of the device to verify

  Returns Promise<Crypto.VerificationRequest>

  a VerificationRequest when the request has been sent to the other party.

requestOwnUserVerification

• requestOwnUserVerification(): Promise<Crypto.VerificationRequest>

• Send a verification request to our other devices.

  This is normally used when the current device is new, and we want to ask another of our devices to cross-sign.

  If an all-devices verification is already in flight, returns it. Otherwise, initiates a new one.

  To control the methods offered, set verificationMethods when creating the MatrixClient.

  Returns Promise<Crypto.VerificationRequest>

  a VerificationRequest when the request has been sent to the other party.

setTrustCrossSignedDevices

• setTrustCrossSignedDevices(val): void

• Set whether to trust other user's signatures of their devices.

  If false, devices will only be considered 'verified' if we have verified that device individually (effectively disabling cross-signing).

  true by default.

  Parameters

  • val: boolean

    the new value

  Returns void

userHasCrossSigningKeys

• userHasCrossSigningKeys(): Promise<boolean>

• Checks if the user has previously published cross-signing keys

  This means downloading the devicelist for the user and checking if the list includes the cross-signing pseudo-device.

  Returns Promise<boolean>

  true if the user has previously published cross-signing keys